User Namespace in Red Hat Enterprise Linux 7.2

Red Hat announced the availability of user namespaces in the RHEL 7.2
release notes, but the notes don’t give details on how to use them. By default,
user namespaces are disabled in RHEL 7.2.

Verify whether user namespaces are enabled

You can run a quick check by executing the demo_userns.c program, which creates
a child in a new user namespace. The child simply prints its effective user and
group IDs and its capabilities. If it runs successfully, user namespaces are
already enabled for you. However, if it returns something like
clone: Invalid argument, then user namespaces are disabled.

You might need to install the following library to build demo_userns.c:

sudo yum install libcap-devel

Compile it, linking against libcap with -lcap:

gcc demo_userns.c -o demo_ns -lcap
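
The same check can be done without libcap. The following is an added example, not demo_userns.c and not code from the original post: it attempts unshare(CLONE_NEWUSER) in a throwaway child and reports the resulting errno, so the "Invalid argument" case described above is distinguished from other refusals. The function names probe_userns and explain_userns are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000 /* value from the kernel's <linux/sched.h> */
#endif

/* Try to create a user namespace in a throwaway child so the caller's own
 * namespaces are untouched. Returns 0 on success, the child's errno on
 * failure, or -1 if the probe itself could not run. */
int probe_userns(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) /* child: report the result through the exit status */
        _exit(syscall(SYS_unshare, CLONE_NEWUSER) == 0 ? 0 : (errno & 0xff));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Map the probe result to a short verdict (hypothetical helper). */
const char *explain_userns(int err)
{
    switch (err) {
    case 0:      return "enabled: new user namespace created";
    case EINVAL: return "disabled: kernel rejected CLONE_NEWUSER (Invalid argument)";
    case EPERM:  return "blocked: creation denied for this process";
    case ENOSPC: return "blocked: user namespace limit reached";
    case ENOSYS: return "unsupported: unshare(2) not available";
    default:     return "unknown: probe failed or unexpected errno";
    }
}

int main(void)
{
    int rc = probe_userns();
    printf("user namespaces %s (rc=%d)\n", explain_userns(rc), rc);
    return rc == 0 ? 0 : 1;
}
```

Run it as the unprivileged user whose access you want to audit; the exit status is 0 only when a user namespace could actually be created.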

Enable user namespaces

To enable user namespaces, you need to change one of the kernel parameters. You
can do it by running the following command: